Okta allows you to provide secure identity management and single sign-on to any application, whether in the cloud, on-premises or on a mobile device for your employees, partners and customers with Okta.
With Sapling’s integration with Okta, you can:
This guide provides a walkthrough on how Sapling Admins can enable the Okta integration and is split into two sections:
Setting up Okta for Auth Services Only (steps #1 - #4) and setting up Okta for Auth + Provisioning Services (step #5).
Login to Okta and go to the "Applications" tab. Then select "Add Application."
Search for "Sapling" and click "Add."
There will be two Sapling Applications in Okta, which are used for different domains. Please ensure you choose the correct domain structure for your Sapling account (either saplingapp.io or saplinghr.com).
Under "General Settings," fill in the "Subdomain" for your company. The Subdomain is the first part of your Sapling URL.
For example, if your Sapling login URL is "https://rocketship.saplingapp.io", then the subdomain would simply be "rocketship."
Once you fill in your Subdomain, click "Next".
On the "Assign to People" tab, you have the option to assign the app to employees who are already in Okta. We recommend you assign Sapling to your entire organization.
Once people have been assigned, click "Next" and the set-up will be completed.
Once you have added Sapling in your Okta dashboard, you’ll we need to add the SSO URL and the certificate to Sapling's integration page.
By clicking ‘View Set-up Instructions’, you’ll be taken to the final step of the set-up process.
On this page, you will find your:
Head back to Sapling and enter these into your SAML Authentication.
Enter the SAML information into Sapling by pasting the SSO Login URL (SAML 2.0 Endpoint (HTTP)) and the x.509 Certificate information from Okta.
Sapling can also provision the new hires Okta account.
The workflow with this is:
When a Sapling Admin completes the onboarding flow, the new hire account is set-up by Sapling with the following attributes:
To set-up provisioning, you will need to add an Okta API Token to Sapling and select Provision New Hires directly from Sapling.
This API section is available in Okta under the Security section.
Create a new API Key with the any name (i.e. Sapling HR) and provide access to Manage Users.
You will then be granted the API Token to be added to Sapling.
Learn more about Okta User Provisioning here
Confirmation Response Example